Solved: How to custom sort by column headers

DEADBEEF · ‎08-04-2020

I have a table that shows the number of logs by severity over each host. I want to be able to rearrange the severity columns into a specific order but can't figure out how. I tried using custom sort field via eval but didn't seem to work.

Current SPL

index=foo sourcetype=logs
| chart count over server by severity

Current Table Order

server   major   info   critical    minor
serverA   5       10       8          6
serverB   22       5       13         9

Desired Table Order

server   critical  major   minor  info
serverA   8         5       6      10
serverB   13        22      9       5

thambisetty · ‎08-04-2020

use table command to re arrange table header:

| table server critical major minor info

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎08-04-2020

use table command to re arrange table header:

| table server critical major minor info

————————————
If this helps, give a like below.

How to custom sort by column headers

chart

table

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant

Join the Conversation